Magnus Hagander wrote:
> > > > I think any secure solution is going to have to block all write 
> > > > access to postgresql.conf, and that includes all the COPY 
> > TO and all 
> > > > the untrusted languages.
> > > 
> > > Exactly. But we won't get that for 8.1. So for now, we 
> > block all write 
> > > access through *new* functions, per the "let's at least not 
> > add more 
> > > security holes" rule.
> > 
> > As far as I know, the only new functionality the patch adds 
> > _over_ copy is the ability to write nulls, and rename/unlink. 
> >  Should we just throw an error when writing null bytes?
> 
> Um. Yes. This patch goes one step further and allows you to block the
> writing of *any* file using these functions. The question is wether that
> one step further is far enough..

I am thinking we can just block null byte writes and say it is the same
as COPY, which we have always used.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [EMAIL PROTECTED] so that your
       message can get through to the mailing list cleanly

Reply via email to